Many identity verification systems use a broker-based model, which employs a broker to facilitate end-user identification. For example, one federated model used on the Internet allows a user to identify themselves to a relying party by leveraging existing data from a preferred identity provider. The traditional deployment model uses a centralized broker to act as the interface between identity providers and relying parties.
However, existing broker-based models suffer from a number of drawbacks. For example, each identity provider and relying party may have its own infrastructure and workflow for the generation and provision of data to and for users. These workflows and infrastructure may lack compatibility between parties, requiring costly and difficult integration and testing to enable additional identity providers and relying parties to interoperate.
In addition, existing models rely upon the continued and active participation of identity providers, meaning that service outages or the decommissioning of identity provider services can result in the inability to use a source of identification. Existing models do not easily allow users to mix and match identification attributes from multiple identity providers, limiting their usefulness in many situations. Furthermore, existing models can require disclosure to the broker of the sensitive data (such as an address) that is being used for identification. These and other drawbacks highlight the need for improved methods and systems for electronic identity provision and verification.